02:54 PM
Connect Directly

Aviator Browser Blocks Ads, Cookies By Default

Google Chrome, Microsoft Internet Explorer and Mozilla Firefox betray privacy for ad revenue, claims WhiteHat Security, maker of new privacy-first Aviator browser.

 Microsoft Surface: 10 Best And Worst Changes
Microsoft Surface: 10 Best And Worst Changes
(click image for larger view)
Characterizing mainstream Web browsers as insecure and damaging to privacy, WhiteHat Security has released a browser for OS X called Aviator that blocks ads and preserves privacy by default.

Based on Chromium, the open-source foundation of Google Chrome, Aviator treats advertising as a security vulnerability, privacy violation and general nuisance. Not only does it block ads and advertising tracking cookies via the Disconnect extension, it is preconfigured to use Duck Duck Go, a search engine that does not collect personal information, as its default search engine. Aviator operates in what Google Chrome calls "Incognito mode" all the time.

In a blog post, Robert Hansen, director of product management at WhiteHat Security, explains that browser vendors like Google, Mozilla and Microsoft have elected not go as far as Aviator has gone because doing so would reduce revenue from advertising.

Arguing that those who don't click on ads are not the sort of customers the online ad industry wants, Hansen contends that blocking ads by default can increase online satisfaction for millions, serve advertisers better by showing ads only to those who elect to see them, and protect people from privacy violations and the malware that travels on ad networks.

[ Will Google's enterprise efforts win you over? Read Google In The Enterprise Survey: Mind The Gaps. ]

"[N]ot a single browser vendor offers ad blocking, instead relying on optional third-party plugins, because this breaks their business model and how they make money," said Hansen in his post. "Current incentives between the user and browser vendor are misaligned. People simply aren't safe online when their browser vendor profits from ads."

In March 2011, Dasient, a security firm that sold protection against malicious ads and was acquired by Twitter the following year, estimated that the chance of encountering a malicious ad over three months of browsing was 95%.

In the Aviator FAQs, WhiteHat Security states that Google Chrome, Microsoft Internet Explorer and Mozilla Firefox are not as secure as Aviator because "implementing truly effective security and privacy would negatively impact their businesses."

Google and Microsoft did not respond to requests for comment. Mozilla declined to comment, but CTO Brendan Eich in June suggested his company's decision to delay implementation of third-party cookie blocking — criticized as succumbing to ad industry pressure — was the result of trying to find a way to deal with third-party cookies on a granular level that avoids the errors that arise when blocking is indiscriminate.

Ad blocking is on the rise, according to PageFair, a consultancy that caters to publishers concerned about ad blocking. A report published by the firm in August, based on a survey of 220 websites with the sort of technically sophisticated audience likely to employ ad-blocking software, found an average ad-blocking rate of 22.7%. PageFair says it expects that figure to grow by 50% over the next five years.

Ad blocking has become significant enough that Google this year began paying to have its search ads whitelisted through Adblock Plus' Acceptable Ads initiative. This initiative, which allows ad companies to prevent their ads from being filtered as long as they meet quality requirements (and pay a fee in the case of large companies), remains controversial and has been likened to a protection racket.

Hansen says that if enough people like Aviator, WhiteHat Security will build a Windows version.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
Drew Conry-Murray,
User Rank: Ninja
10/22/2013 | 11:12:13 PM
re: Aviator Browser Blocks Ads, Cookies By Default
I hope they bring it to Windows soon!
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.